Why it matters
Use of common law
Spam is almost as old as the Internet itself, but its alarming rise is challenging companies more than ever. In the past six months, the volume of junk mail sent online more than doubled, according to spam filter company Brightmail, and spam text messaging is seriously adding to the problem. Internet researcher Jupiter Media Metrix estimates that consumers will receive about 206 billion junk emails in 2006 - an average of 1,400 per person, compared with about 700 per person this year.
This rate of increase is driving companies to take desperate measures that in some cases are creating international controversy. In the Unites States, for example, some business owners, systems administrators and internet service providers (ISPs) are banning all unknown email from entire regions of Asia, where they believe unregulated servers are being used to relay much of the spam traffic that both originates and ends up in the United States.
Putting aside any arguments of spam's efficacy and the marketer's dream of bespoke personal, targeted messaging, there is in fact a plethora of legal issues relating to its use. Privacy and data protection issues, trespass, content restrictions, and solicitation issues all come up in one way or another. The European Parliament has been active trying to legislate on these subjects and in the United States, many state legislators are proposing anti-spam legislation with renewed vigour, buoyed by recent California and Washington cases upholding the constitutionality of anti-spam statutes (see California appellate court upholds anti-spam law and US Supreme Court declines to hear Washington spam case).
Why it matters
The Coalition Against Unsolicited Commercial Email, one of many anti-spam advocates, is campaigning to stop the so-called 'spam tax'. "The spam tax is the cost to consumers, small businesses, internet service providers, schools, charities and non-profit organizations associated with receiving unsolicited commercial email. Due to the economics of email technology, the majority of the cost of email is borne by recipients; so when marketers send [spam], their profits come at the expense of all their recipients."
The group argues that this tax supports direct marketing organizations and funds the very spam that many people try not to receive. This is the dilemma of the legitimate direct marketing business and why associations such as the Direct Marketing Association (DMA) are so keen to control anti-spam legislation to ensure it is proportionate but not prohibitive.
In February this year the DMA announced guidelines for its members participating in email marketing. The guidelines follow the opt-out approach, that is, spamming is permitted without the prior permission of the recipient provided the individual has the ability to request removal from a mailing list. The guidelines also stress the importance of clearly explaining to spam recipients how to unsubscribe from future mailings and how to prevent their addresses being used in the future. They recommend that marketers provide contact details and an off-line method of contact should spam recipients have any questions.
The DMA runs a voluntary email-preference service which individuals can join should they not wish to receive spam. The association urges marketers to regularly screen against this list to ensure they are aware of those potential recipients who have opted out.
Another group - the Californian-based SpamCon Foundation - offers guidance to spam recipients suggesting a number of responses, depending on the severity of the spamming:
contact the sender;
report the spam to agencies that maintain statistics;
report fraudulent or otherwise illegal content to the appropriate authorities;
contact your own ISP;
contact the sender's ISP;
demand restitution from the spammer; and
initiate legal action against the spammer.
In the European Union, the Telecom Privacy Protection Directive (97/66/EC) has been problematic with respect to the position on spam. This directive clearly precludes unsolicited fax and telephone direct marketing without the prior consent of the individual, but is ambiguous with regard to email.
The EU Data Protection Directive, too, has been problematic. While this directive aims to ensure the fair and lawful processing of individuals' personal data, it is unclear whether 'personal data' includes email addresses in all instances.
These uncertainties have led to an EU drive to clarify and harmonize the laws of the 15 EU member states. The draft Telecommunications Data Protection Directive's progress has taken twists and turns, but in the end will harmonize the current mixture of opt-in/opt-out regimes across Europe. The EU ministers currently prefer an opt-in approach, that is, spamming is prohibited without the prior permission/request of the recipient. This opt-in approach has two important carve-outs, however.
First, there will be an opt-out rather than opt-in requirement where sellers in the course of selling products or services collect email addresses. However, businesses wanting to spam can only use their customers' email addresses for marketing their own products and services which must be similar to those which were bought at the time the email address was first provided. This will require careful internal monitoring and does not help large disparate groups that offer a range of services. Common to much spam legislation around the world, customers must "clearly and distinctly" be offered the opportunity to opt out of their details being used for further spam.
Second, the opt-in rule will be reversed where the subscriber renting the telephone line which hosts the email address is not an individual person. Therefore, in many cases, email addresses of individuals on their company-sponsored networks will be exempt from the opt-in rule, facilitating business-to-business spamming.
Assuming no major hurdles arise in the remainder of the process, the directive may well be signed off by the end of next month, and is due to be law across Europe by September 2003.
The United States is also very active, with advanced legislation in some US states and moves afoot to legislate at the federal level.
The US Congress has been debating similar nationwide laws for seven years and a number of federal bills (eg, the Unsolicited Commercial Email Bill) have made some progress. However, with no federal law on point at present, at least 18 states have implemented or are considering anti-spam legislation.
California was one of the first states to act, with a 1998 law that regulates the sending of spam. When spam is sent via a California-based ISP to a California resident, the email must contain full contact details and opt-out instructions. If removal is requested, that request must be honoured. One difference between this state law and others is that spam must be identified as such in the subject line. The law provides for the use of the initials ADV, meaning 'advertisement' in the subject line (or ADV:ADLT for 'adult sexual content').
While it is estimated that nearly six million people in 24 states have registered to have telemarketing calls blocked under new do-not-call laws, anti-spam legislation will never be as effective. This is mainly because people have numerous email addresses or one email address can distribute messages to hundreds of people within an organization. Also, even with the cooperation of ISPs, it is hard to prevent businesses using throwaway dial-up accounts to spam and then run. Tracing or preventing such activity has numerous hurdles.
Australia has a reputation for producing a volume of spam which is proportionally far higher than that produced in the United States, according to the Coalition Against Unsolicited Bulk Email, Australia. As a result, the government has been active in promulgating legislation and guidelines on spam use. The recently enacted Privacy Amendment (Private Sector) Act, for example, has made certain types of acquaintance spam illegal. Businesses that are caught by the provisions of the act "must obtain permission from their customers in some situations prior to using their email addresses for anything that can be construed as spam."
In addition, guidelines set out in the industry code titled Building Consumer Sovereignty in Electronic Commerce (A Best Practice Model for Business) state that Australian businesses should not send spam except to people with whom they have an existing relationship, or people who have indicated they want to receive commercial email. Businesses should provide customers with a simple procedure for being removed from email lists.
Use of common law
With the absence of effective spam legislation, spam cases are being fought based on traditional legal principles, such as trespass and forgery, and ISPs are taking action.
In the case of Intel v Hamidi, a California appellate court ruled that waves of emails sent to Intel by a former employee constituted trespass to chattels (ie, Intel's server). Intel was successful in obtaining an injunction banning Hamidi from sending further emails after the court dismissed Hamidi's free-speech arguments. (For more on this case, see California Supreme Court asked to overturn unwanted email ruling.)
In other cases, forgery laws have been enforced by federal magistrates in New York. For example, in the recent case of People v Garon (NY S Ct), the court found that a spammer had infringed America Online's trademark when he forged 'aol.com' in the header of the 73 million email messages he sent for his adult web sites. The court convicted the defendant for second-degree forgery and ordered him to pay more than $1.5 million in damages.
In addition, many ISPs expressly prohibit their users from sending spam. Keen on preserving their customer base and reputation, ISPs are not afraid to pursue spammers in court for breach of contract (see, for example, Court affirms ISPs' right to cut off spammers.)
Mark Webber (head of IT & Telecoms (US)), Osborne Clarke, Palo Alto (Tel: +1 650 462 4022) © Copyright Globe Business Publishing 2002 Terms & Conditions